Hit ENTER after each Tag to add it to your post; Numbers in parentheses represent the Tag's usage.
Proposing the following two concepts:
Creation of IDS Category/Rule "BRUTE FORCE RELAY ATTEMPTS". One of the current attacks is constantly attempting to relay through the server without logging in. We are a provider that does not allow any form of relay without prior login - so if that option was set, this rule would be beneficial.
Addition of the ability to specify what protocol to apply a rule to.
Most of our attackers try to attack our SMTP service only - they rarely bother with IMAP and we don't offer POP3 except on a domain level special use case need only. The SMTP attack consists of attempting to login once or twice through an IP - wait for a LONG period of time - sometimes a day or two - then try again. - but doing this with HUNDREDS of IPs at a time - continuously. We want to craft a different Brute force rule based on this concept, while giving our IMAP and Webmail users a little more breathing room. If they're already setup in IMAP, they are using a client with a saved password 99% of the time, so manually mitigating those rare cases would be a non-issue.
MailEnable survivor / convert --